The client requires the signer certificates from the server to be able to communicate with WebSphere® Application Server. Use the retrieveSigners command to get the signer certificate from a server.
Use the retrieveSigners utility for situations where you cannot verify whether or not the com.ibm.ssl.enableSignerExchangePrompt= property is enabled or disabled when the application makes a request. Set the com.ibm.ssl.enableSignerExchangePrompt= property to false in the ssl.client.props file if you cannot see the console.
Alternatively, you can manually create the server key in the client truststore.
C:\WebSphere\AppServer\profiles\AppSrv01\bin\retrieveSigners.bat CellDefaultTrustStore ClientDefaultTrustStore CWPKI0308I: Adding signer alias "default_signer" to local keystore "ClientDefaultTrustStore" with the following SHA digest:
/QIBM/UserData/WebSphere/AppServer/V8/ND/profiles/AppSrv01/bin/retrieveSigners CellDefaultTrustStore ClientDefaultTrustStore CWPKI0308I: Adding signer alias "default_signer" to local keystore "ClientDefaultTrustStore" with the following SHA digest:
The following examples illustrate how to call the retrieveSigners.bat file.
profile_root\bin\retrieveSigners.bat CellDefaultTrustStore ClientDefaultTrustStore
profile_root/bin/retrieveSigners CellDefaultTrustStore ClientDefaultTrustStore
profile_root\bin\retrieveSigners.bat CellDefaultTrustStore ClientDefaultTrustStore -host myRemoteHost -port 8879 -conntype SOAP -autoAcceptBootstrapSigner
profile_root/bin/retrieveSigners CellDefaultTrustStore ClientDefaultTrustStore -host myRemoteHost -port 8879 -conntype SOAP -autoAcceptBootstrapSigner
profile_root\bin\retrieveSigners.bat CellDefaultTrustStore ClientDefaultTrustStore -host myRemoteHost -port 2809 -conntype RMI -autoAcceptBootstrapSigner
profile_root/bin/retrieveSigners CellDefaultTrustStore ClientDefaultTrustStore -host myRemoteHost -port 8879 -conntype SOAP -user testuser -password testuserpwd -autoAcceptBootstrapSigner
profile_root\bin\retrieveSigners.bat CellDefaultTrustStore ClientDefaultTrustStore -host myRemoteHost -port 8879 -conntype SOAP -user testuser -password testuserpwd -autoAcceptBootstrapSigner
In this information ...Related concepts
Related reference
| IBM Redbooks, demos, education, and more(Index) |